Tried to use an HTML tag in a comment only to find that G+ is encoding outputs, ( view source>ctrl-f>"<" to see an example on my home page ("thing" is the intended script)). This is to be expected (although it's a little annoying that they don't provide any kind of meta-formatting option) but it got me thinking about penetration testing.
Although URL hacks are almost completely impotent these days, out of habit I glanced up at the address bar and saw simply "plus.google.com
Am I missing something? Where's the relative URL data?
I understand that they want to appear to be the antithesis of Facecrook but obfuscation instead of security is not cool Google. Not cool.